Tuesday, February 16, 2016

Disable the access control policy

How to disable the access control policy:
1. Open wc-server.xml which is located in WCDE_ENT70\workspace\WC\xml\config\wc-server.xml
 2. Search for "<Instance" tag
 3. Add AccessControlUnitTest="true immediately after "<Instance "
 4. Save the file
 5. Restart the server

 After implementing this steps the server will not throw  "User does not have authority to execute Command/View"
How to disable access control check in Commands:
 If you want to disable access control policy for a controller command then call setAccCheck(false) before calling execute.
 This method is set by the web controller to indicate whether an access control check is required for this command.

 For e.g
 OrderCreateCmd orderCreateCmd=
 (OrderCreateCmd ) CommandFactory.createCommand(OrderCreateCmd .NAME,   getStoreId())    
 orderCreateCmd.setAccCheck(false);
 orderCreateCmd.execute();

accessControlCheck():

 This method performs a command level access control check for this command. The default implementation invokes the access control manager to perform the check.This method returns true
 if the user has authority and false otherwise.


getResources()
 This method is used to implement resource-level access control. It returns a vector of resource-action pairs upon which the command intends to act. If nothing is returned, no resource-level access control is performed.In order to Skip Resource level Access  control in a Controller Command do as below. But it is not recommended.
 public AccessVector getResources() {
 return null;
 }
checkIsAllowed()

 This method determines whether a user can perform a specified action on a certain resource. This method is called by the command to perform a resource level access control check in addition to the resources returned by the getResources() method.

No comments:

Post a Comment